man: update example in systemd-measure.xml (#35506)

In the example from systemd-measure(1), do not bind to PCR 7 in
addition to the PCR policy.

As long as this is still done by default, see #35280.

(cherry picked from commit 693038fce47a819c5eebeb4fce39c9ac991acf84)
(cherry picked from commit 926f5ab6bf0e3541106e6a6f95af4cbdec50582b)

diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml
index c7eca1b103d158568de70cf181f5af1fa7538152..4d6fa442a72bbfd883a908583dc96c5d6da5fef2 100644 (file)
--- a/man/systemd-measure.xml
+++ b/man/systemd-measure.xml
@@ -312,6 +312,7 @@ $ openssl rsa -pubout -in tpm2-pcr-private.pem -out tpm2-pcr-public.pem
      <programlisting># systemd-cryptenroll --tpm2-device=auto \
      --tpm2-public-key=tpm2-pcr-public.pem \
      --tpm2-signature=tpm2-pcr-signature.json \
+     --tpm2-pcrs="" \
      /dev/sda5</programlisting>
 
      <para>And then unlock the device with the signature:</para>